I've search the INTERNET for 5 days now and late into the evening, but I'm totally stumped in resolving my problem, so I would appreciate any guidance from the experts. I've configured as per the many guides I've found and have a basic understanding of how this all works, but there is no information anywhere on how to setup the Users / Client details for freeRADIUS.
Did you try reading comments in users file and clients.conf ie. files you were about to change?
First THANKS for replying... I did, but still cannot work out what I'm doing wrong on this as there is so many guides and different ways of doing things, or thats how it seems. Everything authenticates ok and the correct IP is allocated now, but I'm not able to BROWSE any sites and cannot even ping the ip address given to the PPP adatper. I can only access the VPN, but none of the traffice seems to be routing correctly. Can you offer any further supports, please. Windows IP Configuration PPP adapter testvpn Connection-specific DNS Suffix . : IPv4 Address. . . . . . . . . . . : 10.0.0.168 Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : 0.0.0.0 C:\Users\Nev>ping 10.0.0.168 Pinging 10.0.0.168 with 32 bytes of data: General failure. General failure. General failure. General failure. Ping statistics for 10.0.0.168: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), ppp0 Link encap:Point-to-Point Protocol inet addr:10.0.0.1 P-t-P:10.0.0.168 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1 RX packets:3890 errors:0 dropped:0 overruns:0 frame:0 TX packets:1731 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:442107 (431.7 KiB) TX bytes:108501 (105.9 KiB) Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- 10.0.0.0/24 anywhere [root log]# cat /etc/sysctl.conf # Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = 1 [root log]# cat /proc/sys/net/ipv4/ip_forward 1 RADIUS LOG.. +- entering group post-auth {...} [test_pool] expand: %{NAS-IP-Address} %{NAS-Port} -> 127.0.0.1 0 [test_pool] MD5 on 'key' directive maps to: ee0282d57992a30bce29ea43d092ac16 [test_pool] Searching for an entry for key: 'ee0282d57992a30bce29ea43d092ac16' rlm_ippool: Allocating ip to key: 'ee0282d57992a30bce29ea43d092ac16' [test_pool] num: 1 [test_pool] Allocated ip 10.0.0.168 to client key: ee0282d57992a30bce29ea43d092ac16 ++[test_pool] returns ok ++[exec] returns noop Sending Access-Accept of id 95 to 127.0.0.1 port 51514 Service-Type = Framed-User Session-Timeout = 65000 Framed-Protocol = PPP Framed-MTU = 1400 MS-CHAP2-Success = 0xf2533d35303143344543324435364631324646424434313043314445303236314244324642323145323238 MS-MPPE-Recv-Key = 0x39c2ccda839a57b64583b1f3a55ed07e MS-MPPE-Send-Key = 0xeaa3b2169241344554880f6e3a6f956b MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 Framed-IP-Address = 10.0.0.168 Framed-IP-Netmask = 255.255.255.0 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Accounting-Request packet from host 127.0.0.1 port 40285, id=96, length=97 Acct-Session-Id = "4A1897253C3400" User-Name = "test1" Acct-Status-Type = Start Service-Type = Framed-User Framed-Protocol = PPP Acct-Authentic = RADIUS NAS-Port-Type = Async Framed-IP-Address = 10.0.0.168 NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Acct-Delay-Time = 0 +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "4A1897253C3400",User-Name = "test1"' [acct_unique] Acct-Unique-Session-ID = "2855668f1c6c9940". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop +- entering group accounting {...} [detail] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/127.0.0.1/detail-20090524 [detail] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20090524 [detail] expand: %t -> Sun May 24 00:39:01 2009 ++[detail] returns ok ++[unix] returns ok [radutmp] expand: /usr/local/var/log/radius/radutmp -> /usr/local/var/log/radius/radutmp [radutmp] expand: %{User-Name} -> test1 ++[radutmp] returns ok [test_pool] This is not an Accounting-Stop. Return NOOP. ++[test_pool] returns noop [attr_filter.accounting_response] expand: %{User-Name} -> test1 attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 96 to 127.0.0.1 port 40285 Finished request 1. Cleaning up request 1 ID 96 with timestamp +56 Going to the next request Waking up in 3.0 seconds. Cleaning up request 0 ID 95 with timestamp +54 Ready to process requests.
The problem, I'm facing is the allocation of IP address / GW / DNS by freeRADIUS for the VPN connections coming onto my server.
my service PrivateIP address is 19x.xxx.xxx.190
I've iptables setup to forward all NAT traffic through the PRIVATEIP, but allocation of a GW of 10.0.0.1 and a Client IP of 10.0.0.200
However, when I connect and freeRADIUS authenticates me SUCCESSFULLY. I get given a IP of 192.168.2.82 from the test_pool, but pool range-start = 10.0.0.100 range-stop = 10.0.0.199 which is totally different to the address allocated by the pool. ANY IDEAS?
Was test_pool once upon a time in 192.168.2.x range? When you change the IP range you need to delete db files. This is clearly stated in the ippool module ie. the file you have changed.
I did not delete this, as this was the first time test_pool was used, however this proved to be the issues and I thank you for that. So it must have come in as part of the RPM.